If you haven't seen it, TxAuth (was "XYZ") has got some pretty stable charter language now: https://mailarchive.ietf.org/arch/msg/txauth/x5OXod7RKoHJ8NcJjbm3vxT_RE4 Of particular relevance to UMA, the scope of the effort includes (excerpted): - "widely deployed use cases currently supported by OAuth 2.0 and OpenID Connect (an extension of OAuth 2.0) as well as new use cases not enabled by OAuth 2.0" - "Approval of multiple resources and APIs in a single interaction" - "Separation between the party authorizing access and the party operating the client requesting access" [I take this to include asynchronicity as well as multiple parties] Justin may want to comment further. *Eve Maler*Cell or Signal +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl